Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

push - add authentication same as with other methods that use sources #2026

Open
kev494 opened this issue Apr 2, 2020 · 3 comments
Open

push - add authentication same as with other methods that use sources #2026

kev494 opened this issue Apr 2, 2020 · 3 comments
Labels
0 - Backlog Improvement Up For Grabs
Milestone
1.x

Comments

@kev494
Copy link

kev494 commented Apr 2, 2020

I would like to restrict the choco sources with some sort of authentication. I have the ability to add user and password or a certificate when adding e chocolatey source on the client. This means for me I can define basic oder certificate-based authentication in the IIS settings. Then, I would disable anonymous access. This works fine and packages from this source can only be installed with username and password (when setup basic auth). However, I'm now not able to choco push to this source anymore. I will get an unauthorized exception.

> choco push -s https://servername/chocolatey -f --api-key=someapikey
Chocolatey v0.10.15
Attempting to push GoogleChrome.77.0.3865.000.nupkg to https://servername/chocolatey
Failed to process request. 'Unauthorized'.
The remote server returned an error: (401) Unauthorized..

I asked for help on gitter and get some interesting insights that this could be avoided with using nuget.exe. Like it is done here https://blog.pauby.com/post/chocolatey-repository-using-azure-devops-artifacts-feed/. Not sure if it will work for IIS based Webserver as well. But, I will find out.

My questions from all of this is, if it would be possible to add the same authentication methods for choco push as they exist for choco source? So this can be achieved with chocolatey commands.

choco push -s https://servername/chocolatey -f --api-key=someapikey -u user -p pw
choco push -s https://servername/chocolatey -f --api-key=someapikey -cert path-to-cert

If I'm missing something, I'm happy to hear if there are better options. Thanks in Advance for your help.
@ferventcoder ferventcoder changed the title Authentication method for choco push push - add authentication same as with other methods that use sources Apr 15, 2020
@ferventcoder ferventcoder added this to the 1.x milestone Apr 15, 2020
@ferventcoder
Copy link
Member

@kev494 this is a good request! I've updated it a bit for our purposes and have marked it as up for grabs for anyone that might want to take a stab at it.

I'm wondering if it is required to add something on the server side as well once it is turned on on the client side. I know with Chocolatey Server, we specifically had to allow pushes to go through without hitting basic/cert auth as the API should be all that is necessary there as credentials.

Are you using Chocolatey.Server and hitting this or something else?

@kev494
Copy link
Author

kev494 commented Apr 16, 2020

@ferventcoder exactly, I was hitting this with Chocolatey.Server and think there will happen for each Server which uses IIS.
Did you set it up that installs hit basic/cert auth and pushes not? How did you achieve this?

@TheCakeIsNaOH TheCakeIsNaOH mentioned this issue Jul 30, 2022
Merged
46 tasks
@JPRuskin
Copy link
Member

To add a little to this, Sonatype Nexus sources can be pushed to with anonymous authentication turned off, but you have to add a source matching the push-endpoint with your working credentials - and then push using your API key.

@pauby pauby mentioned this issue Nov 15, 2024
Closed
6 tasks
@gep13 gep13 mentioned this issue Nov 18, 2024
Closed
6 tasks
corbob added a commit to corbob/choco that referenced this issue Nov 27, 2024
@corbob
(chocolatey#3565) Add authenticated source for Pester tests
cc28e6f 
Add the push source to configuration so that we are able to push to it
successfully. When anonymous access is disabled, Chocolatey will now
only use credentials it has configured by the exact source URL, and not
just one that matches the hostname. As such, this test started failing
and needs to be updated to ensure the credentials can be used.

See chocolatey#2026 for more details.
corbob added a commit to corbob/choco that referenced this issue Nov 27, 2024
@corbob
(chocolatey#3565) Add authenticated source for Pester tests
7387944 
Add the push source to configuration so that we are able to push to it
successfully. When anonymous access is disabled, Chocolatey will now
only use credentials it has configured by the exact source URL, and not
just one that matches the hostname. As such, this test started failing
and needs to be updated to ensure the credentials can be used.

See chocolatey#2026 for more details.
@corbob corbob mentioned this issue Nov 27, 2024
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 - Backlog Improvement Up For Grabs
Projects
None yet
Milestone
1.x
Development

No branches or pull requests
3 participants
@ferventcoder @JPRuskin @kev494